zx2c4
commented
1 year ago It looks like you just copied and pasted the code from ancient kernels. Yikes. Indeed, just use get_random_bytes(&l, sizeof(l)) and call it a day.
Closed solardiz closed 1 year ago
zx2c4
commented
1 year ago It looks like you just copied and pasted the code from ancient kernels. Yikes. Indeed, just use get_random_bytes(&l, sizeof(l)) and call it a day.
zx2c4
commented
1 year ago Actually, looking at this, it appears that you're calling get_random_bytes() on the secret (rather than, say, get_random_once() or similar). That means you have a fresh u32 every time anyway? This makes no sense. So if you go with the basic get_random_bytes(&l, sizeof(l)), you'll probably recover performance anyway.
zx2c4
commented
1 year ago Also RDRAND is mostly not fast.
solardiz
commented
1 year ago Also
RDRANDis mostly not fast.
I suppose get_random_bytes on those old kernels is likely slower still?
Anyway, preserving the coding style for now (to be dealt with project-wide separately):
static inline unsigned long get_random_long(void) {
unsigned long p_ret;
get_random_bytes(&p_ret, sizeof(p_ret));
return p_ret;
}
Our current
get_random_longcompatibility wrapper is weird:Maybe I forget, but I see no good reason for us to do more than a
get_random_bytesof the entireunsigned longsized value.The
arch_get_random_longquick path we may keep or drop. It basically uses the RDRAND instruction on x86. Some would say such reliance (rather than using it as an extra input when [re]seeding) on its proper implementation is inappropriate, but then our current uses aren't that security sensitive (we don't derive long-term cryptographic keys). Anyway, this wrapper is only used on very old kernels.